
yahoo-eng-team team mailing list archive

[Bug 1031311] Re: [OSSA 2012-011] CVE-2012-3361 not fully addressed

 

** Summary changed:

- CVE-2012-3361 not fully addressed
+ [OSSA 2012-011] CVE-2012-3361 not fully addressed

** Also affects: ossa
   Importance: Undecided
       Status: New

** Changed in: ossa
       Status: New => Fix Released

** Changed in: ossa
     Assignee: (unassigned) => Thierry Carrez (ttx)

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1031311

Title:
  [OSSA 2012-011] CVE-2012-3361 not fully addressed

Status in OpenStack Compute (Nova):
  Fix Released
Status in OpenStack Compute (nova) diablo series:
  Fix Committed
Status in OpenStack Compute (nova) essex series:
  Fix Released
Status in OpenStack Security Advisories:
  Fix Released
Status in “nova” package in Ubuntu:
  Fix Released
Status in “nova” source package in Precise:
  Fix Released

Bug description:
  Unfortunately the patches released for bug 1015531 didn't consider
  permissions in the guest.

  If there is a root only readable directory in the guest containing the dodgy symlinks, then they will not be detected by _join_and_check_path_within_fs() because it runs as the nova user.
  Therefore the equivalent of this function needs to run as the root user.

  Folsom patch attached.
  Diablo & Essex versions would need readlink added to rootwrap.

To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1031311/+subscriptions
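
The failure mode in the bug description, as an added example (not nova's code and not the attached patch): a small in-memory model of a mounted guest image shows why a containment check that resolves symlinks as an unprivileged user passes a path that the same check run as root rejects. The mount point, directory names, `FS` table and the functions `resolve`, `check_within_fs` and `escapes` are all constructed for illustration.

```python
import posixpath

# Constructed model of a guest image mounted on the host at /mnt/guest.
# path -> (root_only_dir, symlink_target); all names here are hypothetical.
FS = {
    "/mnt/guest": (False, None),
    "/mnt/guest/private": (True, None),           # directory, mode 0700 root
    "/mnt/guest/private/keys": (False, "/etc"),   # symlink leaving the image
}

def resolve(path, as_root):
    """Resolve symlinks component by component. A component the caller may
    not inspect is kept as an ordinary name, so the link stays unresolved."""
    resolved, hops = "/", 0
    parts = [p for p in path.split("/") if p]
    while parts:
        part = parts.pop(0)
        if part == "..":
            resolved = posixpath.dirname(resolved)
            continue
        parent = FS.get(resolved)
        candidate = posixpath.join(resolved, part)
        entry = FS.get(candidate)
        visible = as_root or not (parent and parent[0])
        if entry and entry[1] and visible:
            hops += 1
            if hops > 40:
                raise ValueError("too many levels of symbolic links")
            if entry[1].startswith("/"):
                resolved = "/"          # absolute target: restart at host root
            parts = [p for p in entry[1].split("/") if p] + parts
        else:
            resolved = candidate
    return resolved

def check_within_fs(fs, rel, as_root):
    """Return the resolved path, or raise if it falls outside the image."""
    absolute = resolve(posixpath.join(fs, rel.lstrip("/")), as_root)
    if absolute != fs and not absolute.startswith(fs + "/"):
        raise ValueError("path escapes image: " + absolute)
    return absolute

def escapes(fs, rel, as_root):
    """True when the containment check rejects the path."""
    try:
        check_within_fs(fs, rel, as_root)
        return False
    except ValueError:
        return True
```

The check has to resolve the path with the same privilege as the operation that later writes to it; otherwise the two see different filesystems.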